Static task
static1
Behavioral task
behavioral1
Sample
CVE-2018-0824.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
CVE-2018-0824.exe
Resource
win10v2004-20230703-en
General
-
Target
CVE-2018-0824.exe
-
Size
152KB
-
MD5
83eec911497de58dadbb9c1e657cab25
-
SHA1
daadf04dbb71aa23d05eb8c52fc4736ac2d23e76
-
SHA256
b66c569e2c3729c9bc99d6bfea795d122d479bbd715509bf7ce5cf4f09e15e00
-
SHA512
b31e6eded9a91b8052cee4781ae9b65fdc6bafd4fa35fa92ac3491cd234ff8408bcbbb8ae663051674131ded76a0639476f94a3aab923c81d95cb012618ce948
-
SSDEEP
1536:VX7lRhI9033voRSFIYOIhDxmJ0Aaxa1k4cEJWnPfGPfYJoymqhAhO:tZRz3A+9UXaxa1EHXsfYJaRhO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
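Checks for missing Authenticode signature. The executable carries no Authenticode signature, so its publisher and integrity cannot be verified from the file itself; many benign binaries are also unsigned, so treat this as a weak indicator on its own.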
resource CVE-2018-0824.exe
Files
-
CVE-2018-0824.exe.exe windows x64
937265948a52c5980363c0c56bb75eff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CloseHandle
SetEvent
CreateEventW
GetCurrentProcess
GetCurrentProcessId
WriteFile
GetModuleFileNameW
LocalAlloc
LocalFree
FormatMessageW
lstrlenW
ReadFile
GetFileSize
DeleteFileW
ProcessIdToSessionId
CreateFileW
GetModuleHandleW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryExW
GetProcAddress
RaiseException
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
advapi32
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
ole32
StringFromIID
CLSIDFromString
CoCreateInstance
CoInitializeSecurity
CoGetStdMarshalEx
CoUninitialize
CoInitialize
MkParseDisplayName
CreateBindCtx
OleSaveToStream
CoTaskMemFree
oleaut32
CreateErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
msvcp120d
?_Debug_message@std@@YAXPEB_W0I@Z
??0_Container_base12@std@@QEAA@XZ
??1_Container_base12@std@@QEAA@XZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
?_Swap_all@_Container_base12@std@@QEAAXAEAU12@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
shlwapi
PathRemoveFileSpecW
msvcr120d
_purecall
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcmp
memcpy
memcpy_s
memset
strlen
memmove
wcscmp
wcstoul
_wassert
printf
scanf_s
swprintf_s
_vsnwprintf
_hypot
_CxxThrowException
__CxxFrameHandler3
wcslen
free
malloc
_lock
_unlock
_CrtDbgReportW
_calloc_dbg
__dllonexit
__C_specific_handler
_onexit
_CRT_RTC_INITW
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
_CrtSetCheckCount
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
wcscpy_s
_wmakepath_s
_wsplitpath_s
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ